38c0e56a48ed8384e384ac193ef96dbb9abcf152ff6ecff7a5b10e8f65949b77

Analysis

max time kernel
128s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.pythonlibs/lib/python3.10/site-packages/aiohttp/__pycache__/client.cpython-310.pyc
Size

30KB
MD5

88a680cc5f6032af1c7eba689dcfdc49
SHA1

468be6b881fa29a636763c1ea80b727b4f9edb99
SHA256

130971435c7737db985893d247b46258b269e694c500210ecaebfce175dbdb49
SHA512

80f3af1a905d23a40655ab39b384b1f38b8b6a352197baa6ab6c96084ab2f9cb6657400278f2706deac1feec1e7f2faab505b09b40aabb9e0d4b24225a7470ad
SSDEEP

768:Gg3BMaashat5NUQnOK6TIrz17UsDBmP4xVOry6AQbZslO9H:L33QjnOGZxQvTR

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133659845433610894"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5100	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
5100	OpenWith.exe
4460	AcroRd32.exe
4460	AcroRd32.exe
4460	AcroRd32.exe
4460	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4460	5100	OpenWith.exe	95
PID 5100 wrote to memory of 4460	5100	OpenWith.exe	95
PID 5100 wrote to memory of 4460	5100	OpenWith.exe	95
PID 4460 wrote to memory of 1428	4460	AcroRd32.exe	97
PID 4460 wrote to memory of 1428	4460	AcroRd32.exe	97
PID 4460 wrote to memory of 1428	4460	AcroRd32.exe	97
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 1224	1428	RdrCEF.exe	98
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99
PID 1428 wrote to memory of 2400	1428	RdrCEF.exe	99

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.pythonlibs\lib\python3.10\site-packages\aiohttp\__pycache__\client.cpython-310.pyc
1⤵
- Modifies registry class
PID:4820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\.pythonlibs\lib\python3.10\site-packages\aiohttp\__pycache__\client.cpython-310.pyc"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1428
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DC9BC639EBE02AD7EB7992C9E7D00550 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CE2AFE474E3D57929B9D9F70B962D4AC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CE2AFE474E3D57929B9D9F70B962D4AC --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:2400
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=917BDEA281E49D84B5897FD4AC0A5EB2 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8071E7CF72C2C771F70D08AA54FB8B28 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4332
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EFE3B9C477DC65CE3D943C2A952A24A2 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb5a74cc40,0x7ffb5a74cc4c,0x7ffb5a74cc58
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3432,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=244,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3180,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5228,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4880,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5244,i,172956687452176731,10632592157082869720,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5016

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a73ea207413ec5e4c6cf2bb17657455b

SHA1
3315a89d06c72f1183b85c2f4febfdd817412159

SHA256
bb3eb9a6d5bc4640c12b591288ba3d3e7dbfab07a1039c602d725e9ce716d948

SHA512
9e52488be550e7daef57f54eb43687c08fcd591616adda249277348edac803d52f1f5e2ed2ff19b41530fa52903afe3ad83443791057f7e6b8172d37e42af0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9f89ad9f731231d911d0c65a0bddbbd3

SHA1
b998fcab3c6aca7a57174e9e8adc35428a28029f

SHA256
4ff92538221fdc744ad2d8c1373d5e2687178983a75dceee8dd7435b79fda622

SHA512
dcb1b75187a715db1be8df5042f4397bfab9adc57eae4c689def87ba55c205f27c001d6ab65acc8e9fab8360a926801fe103c31fc212fe547f0fcc6e21f0dd66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
bea95d225eca5e4274553332010ab8a9

SHA1
f9eb44407e351c816ccf37b3e6b159e5b0d05141

SHA256
174ed8110834eca0696db1eba36bb093fcc6f80b03f35c66348ca1772c2fb7e7

SHA512
6456ad08713e961579b9d4595e7e660a2cd7cd8001840ee418d79f7432502fe56a0b307062861f8786e18476f052e25673713016610d1fde2cb6b2ce8c02c76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
396225e2e4b7853b57eac75980d10618

SHA1
543aad75cd10127be8e282b33eaadee659876e87

SHA256
5007f92f4856325ef0ef7c7373d2f0fc451c427805f7fba7f2e2bd761daa08c3

SHA512
0ff5edaa9b74e6b80f2794c6b02427e7ad7a0fb23bcb953fedf1b582f9b436cecd8fe9c3dfab3e99f330078c075480e193237937254c4f45cc01f658f9a1abba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dd07c816e278cbb1f32156b8bd9ae171

SHA1
e19fe6665d86359305ac61712c194194fd46b885

SHA256
996e37fda823338b9ae96188c7a0fa97904d258aaa71dc70821528f3827d96dc

SHA512
f7b47adeb5135e4d3ecf3920c4b2fca3c1d687307aca1fbd3b4f90f96234c5c4488af428923bbe1fb63668f62b1156b87256a4cf4a295a4d893c9a18ae5b4ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
857c386328a8b68fa5943a343c445956

SHA1
b11d392bd6df3800c36ac7682600f14fde27579e

SHA256
fadd8228e7f567a672ea288d7ac6b6e68608ea612eec79ece9431133e4feff45

SHA512
f292253a4798050797202ceede4d6a3bdca2a7167ef497dbcf02ab1720ba03f058677069d5da5cbdc17ee5672e9bea859f486b26ef54d753cadd4c8124c07fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
80369d12324212ddc37cbbe0904d00c6

SHA1
8643c1a667ffdc3d9471c5747680d53a29eed8fe

SHA256
a05f3238c324973f38a3a347398c9a636bb259ecc0c13c83caca6d4c80861efa

SHA512
7a020c97869e383a345afa12c3498b7d45c2aff93b3ea2e4f6973ab9437795c15137723184b1a96cced550bb250d3303d866a82263e9bc4b312dd6d0c082ba6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c9178e0416e8e220b0220310aef0132d

SHA1
3bac86421b08587c40f31076c1845da72d0a7e87

SHA256
52873ee050dc53841bcc5c0f406fe88c7587c1eeb6f1378df5d23f0ae0e57dfe

SHA512
7984d9c41590e6b8f1c75d1dcd5592b18ca65f83fe9f74dfd5fb970f2871407565289f9002120932ec6dc0cac0920b85c62356512f3e670729ae0d882d257756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e6a9b2bf9ac08dbf0f7bc203da06d5f

SHA1
6476c9ecce0c538f5fb1264ec5d58eba1e22da8f

SHA256
4cf0accda51ebf1349605ca1dc69049077922cfafb2cd316429962d74e3236ed

SHA512
372ac33667c0670adc41c8105027514892e714a6412a8c0764e7485a9af4bede7ecd3754992e987577466fcaa45538c4f60319c001fc78ebd2a7269ee6aa1904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9bf642871a5528bb944dbdfab7b07cf

SHA1
c61f53bc54e8c1af7b89bd57b614eab657c32b7d

SHA256
850fce90616912008a6f0f7fd2d13288564fb9a58c48d77d085cc6af5b1c4e57

SHA512
d1a154dc933f1c03986d3c89fd5554624bf70d0ba4d61fea4187712e7e5523dee4bd7d210cb7f586cac0f6af1687a065024899c5d136f2698b42d02e4b2f5584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
90054a946979ce3b4721da542a04ffbb

SHA1
e3a8ce3d27f520803ab45d6a7e711bded7556411

SHA256
a5d6d4cccada81f7ee96a0e82d737544c83f8b8a80a17c59628c02a38206a69f

SHA512
da0813406432302aff4c2e10eb5e0dc22d460660f1a020bfb6a9c0a40a5317cbb8009bb133f31f7172c7416e9dc1971ea93dc8bb8032aa9760da8e5acd9bd0dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5a12996e6c9574d65e3336c23f51bbd

SHA1
1d3d0dceb2b383db36ff2be52c9b77b098a026ae

SHA256
28e27125b2cb14a51a0311465dd3e547d47cf01adacdd1d0b00e5fb5b80ff2bf

SHA512
b6f9c776b0836b955409792b437efd8a911411d36b15055dc1f876ed5583ac718252e7de2e174fa3300041ebfd11be778b74c032310ec5a2c82a31eb1c2455d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
feef2f3dfd6fc6e3d6f76929d38a4106

SHA1
54b8d3f552b5898664163250269cba6d16c7ced6

SHA256
c247c0bf8f6ad0eb87d993605166f6dbeaac57387094d6d2f2e0f16bbbce8a34

SHA512
4dee890c2b45a677d012f13b4a17501eb14d56c8cfd76251278416bf61f40c619219169b03128c1f229868c306e7f6978200d5e688334e9c61a23182b50ce508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cd88deeac03c1e3980b0ce9d1fca4ee8

SHA1
eed9c26491df657333ffcc39215cdff36b6b3b46

SHA256
bc1e08499c7a9d788199f1ee6b193468fc7f43c649715e8d5733e384eb701d3d

SHA512
246856568c3d438cde35299329cd27b01bdf97baa0819dbc74b91c205bba878579bda4bbd29d578940ac732194e207c1ebba6693693d5e1629743879dcbe95f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\4663e7a5-4458-4aed-9aa3-62791d858f64\index-dir\the-real-index

Filesize
72B

MD5
7497685adedd4a28b3dd0be4a1af76e2

SHA1
5130b3e5c9b4cadb6985b82b4aa0422baa7c6667

SHA256
1db9d64eec4ae3de74cc2dad1d956971b4fd195c9822c2c844e5a62dfdca2bfb

SHA512
380b0c9cf17a87aee6b27f62e981340955702843726cf868d364c69ea9c45e0147520ded1dd803e475242ee792ed4eb6ff83c74286304b3253a111c413d25c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\4663e7a5-4458-4aed-9aa3-62791d858f64\index-dir\the-real-index~RFe58d954.TMP

Filesize
48B

MD5
bf8876072e1a49f10a101cf698e694d1

SHA1
52199e5433855fd04b8e1370d602ab40db861a54

SHA256
2d614cedcfa5b3e2d32e4b637960ba8b7b9c2092cc66b1ea333c4e40eeb8111b

SHA512
cb75ae57cdadc9e1e331d9cd9c4a0725d4297990742757ed390c009a10602e1039188c0d47f34cdb5c89d1d2a432b78b9c6712f99e8e751adb60ad70ff4f3e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt

Filesize
102B

MD5
cf7b0ddd336457a0eadd437a22d332e8

SHA1
0d3354c20ca9b904b77f8e0bddc54de1bfdf4c12

SHA256
cfff6f66fcc748dbea1ec702e22c67cfefec112278fa38bb48be211e7736561f

SHA512
34308959fb72161932f712d621951a0ac5c56fcf79a8e73a6f9c112d379be5f8308502efbb581991451e79fc5dc93cf86ac307fbb67678bb7b086f212132ad87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt~RFe58d983.TMP

Filesize
108B

MD5
e93334674653e5d97b5635c21af7d8ec

SHA1
12f51630b58f185062d4ba03855de14d4e051156

SHA256
33d3f82b213c12f00d78c81da5fb84fd8759f66839db0b50dee9d3cb6115a791

SHA512
39dcf3b56d45a9cf057d2bb79916d1c9b93e1d5178e892cbc2b7e3df67aa319d89e883a8d787d44572ba184d424d5597e7b7675492df81fb2a64d3c2df1c9915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8afea967b69aca1ed8cda799aeb96ad6

SHA1
d83652aa99171e3a4fde96dc705233a78ff609c9

SHA256
8d4f79a471b5776f83a0462803a0befa4aff07c2efa5bb521ec9c4e23d132e19

SHA512
e92895226be810723f9f3148e73cb3def95f2d52fbde14f76ec2ff8e1f0205d246f5c1766eb35dff92cdec27db5baab1e7ee4cc45a76562fd553ee9425afdebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
61fac7e6eb4f56dcbebdaaec5791a35f

SHA1
6ca102679327937b1dc7436d476366498736d17f

SHA256
02bd8cd102014ceab3d9859da2769ba58a1d9326381c270268d8adde84367666

SHA512
dc5c76a667939cf5cda9555eb2ae59d29b65eedff0599e942b207a2561d9cd604876769609c0dcc23222b8190a25da944b3f9d084eeef1dae8453f22eda55355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
3dd7322876467928ce6c41ff51e193d8

SHA1
5fec8c34e11697a72248053a4835ef55453a4b54

SHA256
002a09345222021e95f1ac9170d6a1141879386f4b2a5f74f84d761802638d83

SHA512
c71a335fc04cdcc8a0a71231a3675004fb34481607ae02a8651e260dc49e99dbea3e9044b98d5ff64e214ca77720d5b88637da58f40da7f4424a9fdce5d8ddce

Download Submit